· 3 min read
Introducing AI with the works council: avoiding the surveillance debate
Why the works council has a say in AI tools, which questions are guaranteed to come up — and how the right architecture answers the trust question before it escalates.
AI projects in German companies rarely fail because of technology. They fail because at some point someone asks: "Can my boss read my chats?" — and nobody has a good answer. From that moment on, the project is no longer a productivity initiative but a surveillance debate.
The good news: this is avoidable. But only if you take co-determination seriously from the start — and choose a tool whose architecture answers the critical questions by itself.
Why the works council has a say
Under Section 87 (1) No. 6 of the German Works Constitution Act (BetrVG), the works council co-determines the introduction of technical systems that are suited to monitoring employees' behavior or performance. Importantly, established case law does not require monitoring to be intended — objective suitability is enough.
An AI platform that stores employees' chats, usage times and activities is a textbook example. Co-determination is therefore not the exception but the norm — and trying to bypass it risks standstill instead of speed.
The questions that are guaranteed to come up
From the works council's perspective, four points are critical:
- Access to content: Can managers or administrators read employees' chats?
- Performance monitoring: Can usage data be turned into individual performance profiles ("who uses the AI how much")?
- Storage: What is stored, for how long — and can employees really delete their own content?
- Purpose limitation: Is it ruled out that the data will later be evaluated for other purposes?
If you hear these questions for the first time during the works agreement negotiation, you have already lost.
Architecture beats assurance
The decisive difference lies in how a provider answers these questions. "We don't look at it" is an assurance. "There is technically no access" is an architecture — and only the second answer holds up in a works agreement.
Concretely, this means for tool selection:
- No content access for admins: Administrators see only aggregated statistics (such as token usage and model distribution) — never chat contents. Ideally there is no "view as user" mode either, not even a disabled one.
- Temporary chats: For sensitive questions there is a mode in which conversations are never stored in the first place.
- Deleted means deleted: Employees delete their own chats themselves, immediately and irreversibly.
- Retention periods: The organization can set automatic deletion periods — against the data graveyard.
Practical recommendations for the rollout
- Involve early: Inform the works council before tool selection, not after purchase. A joint requirements list saves months.
- A works agreement as the framework: Purpose, permitted data categories, evaluation prohibitions and deletion rules belong in writing.
- Pilot with clear rules: A limited pilot with volunteers builds trust — and delivers arguments from practice instead of slides.
- Show transparency: Disclose which models compute where and which subprocessors are involved. What convinces the data protection officer convinces the works council too.
(Note: this article is not legal advice. Clarify the design of co-determination and the works agreement with your legal counsel.)
Why we built it this way
At FutureWay AI, protecting employees is not a retrofitted feature but a product principle: org administrators never see their members' chat contents, there is no view-as-user mode, but there are temporary chats, immediate hard delete and configurable retention periods. Add the location question, which no works agreement should be missing: 100% of AI processing in the EU.
If you are looking for an AI platform you can present to your works council without a knot in your stomach: try FutureWay AI free for 14 days — no credit card required.
